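####### Permissions module ##########
# Trusted-peer loader for the Kamailio "permissions" module, fed from Kazoo.
#
# Flow:
#   - TRUSTED_LOAD asks Kazoo over AMQP for the trusted peer list, rewrites
#     the permissions "address" table from the reply and flags a reload.
#   - rtimer "trusted_reload" (every 30s) runs TRUSTED_RELOAD and
#     TRUSTED_QUERY, which drive the two shared-variable state machines.
#   - the kazoo consumer event "trusted-reload" marks a new query as wanted.
#
# $shv(trusted_query):  1 = query wanted, 2 = query running, 0 = idle
# $shv(trusted_reload): 1 = table rewritten, 2 = reload pending, 0 = idle
#   (one timer tick passes between 1 and 2 before the jsonrpc reload runs)

#!trydef KZ_PERMISSIONS_MAX_SUBNET 2048
#!trydef KZ_PERMISSIONS_CACHE 0
#!trydef TRUSTED_AMQP_FLAGS 2048

loadmodule "permissions.so"
modparam("permissions", "db_url", "KAZOO_DB_URL")
modparam("permissions", "db_mode", KZ_PERMISSIONS_CACHE)
modparam("permissions", "peer_tag_avp", "$avp(trusted_x_header)")
modparam("permissions", "max_subnets", KZ_PERMISSIONS_MAX_SUBNET)

modparam("rtimer", "timer", "name=trusted_reload;interval=30;mode=1;")
modparam("rtimer", "exec", "timer=trusted_reload;route=TRUSTED_RELOAD")
modparam("rtimer", "exec", "timer=trusted_reload;route=TRUSTED_QUERY")

# start in "query wanted" so the first timer tick loads the table
modparam("pv", "shvset", "trusted_query=i:1")

# Query Kazoo for the trusted peers and rebuild the "address" table.
# Every value written to SQL comes from the AMQP reply, so CIDRs and ports
# are validated with anchored regexes and the tag is escaped before it is
# interpolated into the statement; insert failures are counted, not ignored.
route[TRUSTED_LOAD] {
    $shv(trusted_query) = 2;
    $shv(trusted_reload) = 0;

    $var(amqp_payload_request) = $_s({"Event-Category" : "trusted" , "Event-Name" : "query"});
    $var(amqp_routing_key) = "trusted.query";
    xlog("L_INFO", "event|trusted|publishing to acl => $var(amqp_routing_key) : $var(amqp_payload_request)\n");

    if(kazoo_query("trusted", $var(amqp_routing_key), $var(amqp_payload_request), "$def(TRUSTED_AMQP_FLAGS)") != 1) {
        if($(kzR{kz.json,Event-Name}) == "message_returned") {
            xlog("L_WARNING", "event|trusted|message was returned by broker $(kzR{kz.json,Error-Code}) $(kzR{kz.json,Error-Reason})\n");
        } else {
            xlog("L_WARNING", "event|trusted|query failed $kzR\n");
        }
        # back to "query wanted": the next TRUSTED_QUERY tick retries
        $shv(trusted_query) = 1;
        return;
    }
    xlog("L_INFO", "event|trusted|query got reply\n");

    avp_delete("$avp(TrustedKeys)/g");
    if(kazoo_json_keys($kzR, "Trusted", "$avp(TrustedKeys)") != 1) {
        # a reply without a Trusted object must not wipe the current table
        xlog("L_WARNING", "event|trusted|no keys for Trusted\n");
        $shv(trusted_query) = 0;
        return;
    }

    xlog("L_INFO", "event|trusted|cleaning address table\n");
    if(sql_query("exec", "delete from address") < 0) {
        xlog("L_ERR", "event|trusted|failed to clean address table, will retry\n");
        $shv(trusted_query) = 1;
        return;
    }

    $var(total) = 0;
    $var(skipped) = 0;
    $var(Count) = $cnt($avp(TrustedKeys));
    $var(Idx) = 0;
    xlog("L_INFO", "event|trusted|count for trusted is $var(Count)\n");

    while($var(Idx) < $var(Count)) {
        $var(KeyName) = $(avp(TrustedKeys)[$var(Idx)]);
        # dots in the key would be read as json path separators
        $var(Key) = $(var(KeyName){s.replace,.,%});
        $var(token) = $(kzR{kz.json,Trusted.$var(Key).token});
        # the tag is a free-form string from the reply: backslash-escape
        # quotes before it reaches SQL (confirm this matches the escaping
        # rules of the backend behind KAZOO_DB_URL)
        $var(tag) = $(var(token){s.escape.common});
        $var(cidr_count) = $(kzR{kz.json.count, Trusted.$var(Key).cidrs});

        ## ports: collect numeric entries into $avp(ports); an absent list means "any" (0)
        $var(port_count) = $(kzR{kz.json.count, Trusted.$var(Key).ports});
        $(avp(ports)[*]) = $null;
        $var(port_total) = 0;
        $var(portIdx) = 0;
        while($var(portIdx) < $var(port_count)) {
            $var(port) = $(kzR{kz.json, Trusted.$var(Key).ports[$var(portIdx)]});
            if($var(port) =~ "^[0-9]{1,5}$") {
                $avp(ports) = $var(port);
                $var(port_total) = $var(port_total) + 1;
            } else {
                xlog("L_WARNING", "event|trusted|ignoring non-numeric port '$var(port)' for $var(KeyName)\n");
            }
            $var(portIdx) = $var(portIdx) + 1;
        }
        if($var(port_count) == 0) {
            $avp(ports) = 0;
            $var(port_total) = 1;
        }

        if($var(port_total) > 0) {
            $var(cidr_idx) = 0;
            while($var(cidr_idx) < $var(cidr_count)) {
                $var(cidr) = $(kzR{kz.json,Trusted.$var(Key).cidrs[$var(cidr_idx)]});
                # only address characters and a numeric prefix length may reach the query
                if($var(cidr) =~ "^[0-9a-fA-F.:]+/[0-9]{1,3}$") {
                    $var(ip) = $(var(cidr){s.select,0,/});
                    $var(mask) = $(var(cidr){s.select,1,/});
                    $var(portIdx) = 0;
                    while($var(portIdx) < $var(port_total)) {
                        $var(sql) = $_s(insert into address(ip_addr, mask, port, tag) values("$var(ip)", $var(mask), $(avp(ports)[$var(portIdx)]), "$var(tag)"));
                        if(sql_query("exec", "$var(sql)") < 0) {
                            xlog("L_ERR", "event|trusted|insert failed for $var(cidr) port $(avp(ports)[$var(portIdx)]) ($var(KeyName))\n");
                            $var(skipped) = $var(skipped) + 1;
                        } else {
                            $var(total) = $var(total) + 1;
                        }
                        $var(portIdx) = $var(portIdx) + 1;
                    }
                } else {
                    xlog("L_WARNING", "event|trusted|ignoring malformed cidr '$var(cidr)' for $var(KeyName)\n");
                    $var(skipped) = $var(skipped) + 1;
                }
                $var(cidr_idx) = $var(cidr_idx) + 1;
            }
        } else {
            # ports were listed but none were usable: do not widen to "any port"
            xlog("L_WARNING", "event|trusted|no valid ports for $var(KeyName), skipping entry\n");
            $var(skipped) = $var(skipped) + 1;
        }
        $var(Idx) = $var(Idx) + 1;
    }

    xlog("L_NOTICE", "event|trusted|loaded $var(total) entries into address table\n");
    if($var(skipped) > 0) {
        xlog("L_WARNING", "event|trusted|$var(skipped) entries skipped (malformed or insert failed)\n");
    }
    $shv(trusted_reload) = 1;
    $shv(trusted_query) = 0;
}

# Ask the permissions module to re-read the address table via jsonrpc.
route[RELOAD_TRUSTED] {
    jsonrpc_exec('{"jsonrpc": "2.0", "method": "permissions.addressReload"}');
    xlog("L_NOTICE", "event|trusted|reload $(jsonrpl(body){kz.json,result})\n");
    $shv(trusted_reload) = 0;
}

# Timer step: a freshly written table (1) becomes pending (2) on one tick
# and is reloaded on the next.
route[TRUSTED_RELOAD] {
    if($shv(trusted_reload) == 1) {
        $shv(trusted_reload) = 2;
    } else if($shv(trusted_reload) == 2) {
        route(RELOAD_TRUSTED);
    }
}

# Timer step: run the Kazoo query when one has been requested.
route[TRUSTED_QUERY] {
    if($shv(trusted_query) == 1) {
        route(TRUSTED_LOAD);
    }
}

# Subscribe to the "trusted" exchange unless a custom binding route exists.
route[KZ_AMQP_BINDING_TRUSTED] {
    if(!check_route_exists("KZ_AMQP_BINDING_CUSTOM_TRUSTED")) {
        $var(payload) = $_s({"name": "trusted-reload", "exchange": "trusted", "type": "topic", "queue": "trusted-reload-MY_HOSTNAME", "routing": "trusted.reload", "federate": true });
        kazoo_subscribe("$var(payload)");
    }
}

# Kazoo asked for a reload: request a query unless one is already pending
# or running.
event_route[kazoo:consumer-event-trusted-reload] {
    xlog("L_NOTICE", "event|trusted|received trusted reload\n");
    if ($shv(trusted_query) == 0) {
        xlog("L_NOTICE", "event|trusted|signaling trusted reload\n");
        $shv(trusted_query) = 1;
    } else {
        xlog("L_NOTICE", "event|trusted|signal already active for trusted reload\n");
    }
}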